Everything posted by Strahan

  1. Ahh. OK, sounds good. Thanks!
  2. Hi. I made a website to keep track of where I am in various manga. I noticed that sometimes the title I grab looks OK when rendered on the page but in the database it's weird looking. I did a for ($x=0; $x<strlen($title); $x++) loop and dumped $x, char at $ pos and ord of char: 0 = T = 84 1 = h = 104 2 = e = 101 3 = = 32 4 = D = 68 5 = e = 101 6 = m = 109 7 = o = 111 8 = n = 110 9 = = 32 10 = K = 75 11 = i = 105 12 = n = 110 13 = g = 103 14 = � = 226 15 = � = 128 16 = � = 153 17 = s = 115 18 = = 32 19 = D = 68 20 = a = 97 Is there some nifty built in function for con
  3. Ahhhh thanks all, that clears it up. I put a UID criteria in the ON clause and now it properly gives me unread chapters for whatever user is polling. Nice. Funny thing is, I'm going to all this effort to build multiuser capability yet I'll probably hardly ever have other people using the site lol. I saw a drawing on DeviantArt by an artist, tidusyuna, of Shirayuki Mizore from Rosario+Vampire and really liked it. She was my favorite character from the show, and this guy drew her with her long hair before she chopped it off a few eps in. Decided to use it for an avatar. Also co
  4. This sounds easy, but I'm having headaches with it. Maybe I shouldn't be working at 1:20 AM lol. Anyway, I have two tables. One is chapters, one is readlog. I want to pull a list of chapters but only ones I haven't read. This is the schema: chapters: cid, int, index, autoinc id, int, the id of the book chapter, varchar, the chapter number url, varchar, link to the chapter text readlog: rlid, int, index, autoinc uid, int, relates to user table cid, int, relates to chapters dateread, datetime, self explanatory So I did: SELECT chapter,dateadded,dateposted,url FR
  5. Gotcha, I'll do some reading on the things you brought up. Sorry for being dense
  6. The problem I was having and wasn't sure about was whether or not it's safe to store their ID in a session variable and use that to determine if they are logged in, and logged in as whom. As I said in the first post, I just check if a session var is set and if not they get the login prompt and if so the system uses the id in the var when it needs to check if the person has rights to do something. I wasn't sure if session variables were exposed to the client, where they could change their ID in the session var and become someone else. I also see, looking at the examples, that yea I was
  7. Hello. I have two tables and I want to get data back from both in one query. Table 1: media Fields fileid (int, index), parent (int - match to info 'id' field), filename (varchar[30]), filesize (bigint) Table 2: watchlog Fields wid (int, index), parent (int - match to media 'fileid' field), watched (datetime), user (int) So when I do a select to get all the files in a parent folder, I'd like to show if they were watched or not and have a mouseover to show when. Problem is, sometimes things are rewatched and there are multiple entries with the same parent in watchlog. If I do:
  8. I find it hard to believe you can put forth such a gross generalization. Just because IPBoard exposes a user's db ID doesn't mean every other PHP site in existence does. My problem (which I defined in my first post) was just that I wasn't sure if it was secure/acceptable to store a piece of data in a session variable to track whether or not a user was logged in, or if I should find some other method. requinix said "Unless you have a weird PHP configuration that's possible but one I've never actually seen anyone do (because it's so stupid) then data in $_SESSION is safe" which answ
  9. Sounds good, thanks a lot. Well, yea, it basically is a bunch of ideas at the end there because I wasn't sure the best way to approach it. I explained what I am doing now in the first few sentences (storing IDs). When I say ID, I don't mean like "Jacques1" I mean the index value in the database. Nobody sees that. I just wasn't sure if that was a good approach or not.
  10. Hi. Question for you all. The way I authenticate now, I check if a session var "authUID" exists. If not, I present the auth form. If they log in correctly, I set $_SESSION["authUID"] = $dbrecordsetvar["uid"]; Is that secure? Session vars are not exposed to the client at all, correct? Just wanted to verify. Also, would it be better to store the password they entered on the form (encrypted) instead of the db's UID for their account then just check it against the DB every time I load sensitive pages? I figured that may be better as it would catch if the pwd changed on another client a
  11. Thanks a lot, that's just what I needed
  12. I'm reading the docs for field, I'm a little lost. I don't want to pull back just one type, I want all the records; I just want them to sort by cstype in the order listed. Those SQL commands do that kind of thing? I guess I need to keep reading heh.
  13. Hi. I have a web app to track shows I watch. I have it pulling data from a provider who gives API access to their database. The character database has a field to determine a character's status in the show. These are the values it sends: main character in secondary cast in appears in cameo appearance in I have them in my local database using the same value. I just went to view characters for a show and "cameo" is at the top of the list. That is annoying, as cameo characters are of low relevance. I'd like to sort the SQL result in the order I listed them above. I'm doing: $s
  14. Hmm. But doesn't that SQL injection vulnerability depend on bad input being put into the array being used to create the query? The array I use to build the query is created from a SELECT against "DB.INFORMATION_SCHEMA.COLUMNS". Unless someone renames my table columns I'd think I'm reasonably safe, yes?
  15. Thanks. Interesting. I usually put ? for each piece of data then do $sql->execute(array("blah")). Is using the : format safer or is there some other reason to do that? Thanks again.
  16. Hi. I have an array of fields I'm using to create a SQL query. Imploding it works fine for building the field list, then I figured I'd str_repeat to build the ?s. I did: $sql = "INSERT INTO test (" . implode(",", $fields) . ") VALUES (" . str_repeat("?,", count($fields)) . ")"; ...but that gave me: INSERT INTO test (blah, blah, blah) VALUES (?,?,?,) So to fix it I did: $sql = "INSERT INTO test (" . implode(",", $fields) . ") VALUES (" . substr(str_repeat("?,", count($fields)), 0, strlen(str_repeat("?,", count($fields)))-1) . ")"; It works, but that's ugly as sin. I